Hi everyone. As we all know, there are a number of web application scanners available on BackTrack OS, and I will be covering most of them in my upcoming posts. Today we are going to discuss a small tool known as Nikto.

Nikto

Nikto is an open source web server scanner that performs comprehensive tests against web servers for multiple items, including over 6500 potentially dangerous files/CGIs, checks for outdated versions of over 1250 servers, and version-specific problems on over 270 servers. It also checks for server configuration items such as the presence of multiple index files and HTTP server options, and will attempt to identify installed web servers and software. Scan items and plugins are frequently updated and can be updated automatically.

Nikto is not designed as an overly stealthy tool. Its current version is "Nikto 2.1.5".
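Because Nikto is not stealthy, a default scan is easy to spot in web server access logs. The following is an added example, not part of the original post or of Nikto itself: it flags clients whose User-Agent contains "Nikto" (the string Nikto 2.x sends by default) and, as a second heuristic, clients that request many distinct missing paths. The log lines, the function name find_scanners and the threshold of three 404 paths are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample access-log lines (combined log format), not from a real server.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Mar/2013:10:00:01 +0000] "GET /cgi-bin/test.cgi HTTP/1.1" 404 210 "-" "Mozilla/5.00 (Nikto/2.1.5) (Evasions:None) (Test:000123)"
203.0.113.7 - - [10/Mar/2013:10:00:01 +0000] "GET /admin.bak HTTP/1.1" 404 210 "-" "Mozilla/5.00 (Nikto/2.1.5) (Evasions:None) (Test:000124)"
203.0.113.7 - - [10/Mar/2013:10:00:02 +0000] "GET /index.php.old HTTP/1.1" 404 210 "-" "Mozilla/5.00 (Nikto/2.1.5) (Evasions:None) (Test:000125)"
198.51.100.20 - - [10/Mar/2013:10:05:00 +0000] "GET /backup.zip HTTP/1.1" 404 210 "-" "Mozilla/5.0 (X11; Linux x86_64)"
198.51.100.20 - - [10/Mar/2013:10:05:00 +0000] "GET /phpinfo.php HTTP/1.1" 404 210 "-" "Mozilla/5.0 (X11; Linux x86_64)"
198.51.100.20 - - [10/Mar/2013:10:05:01 +0000] "GET /test/ HTTP/1.1" 404 210 "-" "Mozilla/5.0 (X11; Linux x86_64)"
192.0.2.15 - - [10/Mar/2013:10:06:00 +0000] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (Windows NT 6.1)"
192.0.2.15 - - [10/Mar/2013:10:06:01 +0000] "GET /favicon.ico HTTP/1.1" 404 210 "-" "Mozilla/5.0 (Windows NT 6.1)"
"""

# client IP, method, path, status code and User-Agent from a combined-format line
LINE_RE = re.compile(
    r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3}) \S+ "[^"]*" "([^"]*)"$'
)

def find_scanners(log_text, min_404_paths=3):
    """Return {client_ip: [reasons]} for clients that look like a scanner."""
    ua_hits = defaultdict(int)     # requests carrying a Nikto User-Agent
    missing = defaultdict(set)     # distinct paths that returned 404
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue               # skip lines that are not in the expected format
        ip, _method, path, status, agent = m.groups()
        if "nikto" in agent.lower():
            ua_hits[ip] += 1
        if status == "404":
            missing[ip].add(path)
    findings = {}
    for ip in set(ua_hits) | set(missing):
        reasons = []
        if ua_hits[ip]:
            reasons.append("nikto-user-agent")
        if len(missing[ip]) >= min_404_paths:
            reasons.append("404-burst")
        if reasons:
            findings[ip] = reasons
    return findings

if __name__ == "__main__":
    for ip, reasons in sorted(find_scanners(SAMPLE_LOG).items()):
        print(ip, ", ".join(reasons))
```

The second heuristic still flags a client whose User-Agent does not name the tool, while the ordinary visitor with a single missing favicon is left alone.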

Some of its key features:

Full HTTP proxy support

Apache user name enumeration

Logging to Metasploit

Secure Socket Layer support (SSL)

Subdomain brute forcing (guessing)

Easy to update

Saves reports in multiple formats

How to use Nikto for scanning a web app?

Using this tool is very simple, but before scanning you need to update it.